new two advisories and sprints work on them

2026-01-16 18:39:36 +02:00
parent 9daf619954
commit c3a6269d55
72 changed files with 15540 additions and 18 deletions
--- a/src/Signals/StellaOps.Signals/Services/NullEventsPublisher.cs
+++ b/src/Signals/StellaOps.Signals/Services/NullEventsPublisher.cs
@@ -2,8 +2,6 @@ using System.Threading;
 using System.Threading.Tasks;
 using StellaOps.Signals.Models;

-using StellaOps.Signals.Models;
-
 namespace StellaOps.Signals.Services;

 internal sealed class NullEventsPublisher : IEventsPublisher
--- a/src/Signals/StellaOps.Signals/Services/RuntimeFactsIngestionService.cs
+++ b/src/Signals/StellaOps.Signals/Services/RuntimeFactsIngestionService.cs
@@ -653,7 +653,7 @@ public sealed class RuntimeFactsIngestionService : IRuntimeFactsIngestionService
    private async Task EmitRuntimeUpdatedEventAsync(
        ReachabilityFactDocument persisted,
        ReachabilityFactDocument? existing,
-        IReadOnlyList<RuntimeFact> aggregated,
+        IReadOnlyList<RuntimeFactDocument> aggregated,
        RuntimeFactsIngestRequest request,
        CancellationToken cancellationToken)
    {
@@ -682,6 +682,9 @@ public sealed class RuntimeFactsIngestionService : IRuntimeFactsIngestionService
        var totalHits = aggregated.Sum(f => f.HitCount);
        var confidence = Math.Min(1.0, 0.5 + (totalHits * 0.01)); // Base 0.5, +0.01 per hit, max 1.0

+        var cveId = TryGetMetadataValue(request.Metadata, "cve_id", "cveId");
+        var purl = TryGetMetadataValue(request.Metadata, "purl");
+
        var runtimeEvent = RuntimeUpdatedEventFactory.Create(
            tenant: tenant,
            subjectKey: persisted.SubjectKey,
@@ -691,8 +694,8 @@ public sealed class RuntimeFactsIngestionService : IRuntimeFactsIngestionService
            confidence: confidence,
            fromRuntime: true,
            occurredAtUtc: timeProvider.GetUtcNow(),
-            cveId: request.Subject.CveId,
-            purl: request.Subject.Purl,
+            cveId: cveId,
+            purl: purl,
            callgraphId: request.CallgraphId,
            previousState: previousState,
            runtimeMethod: request.Metadata?.TryGetValue("source", out var src) == true ? src : "ebpf",
@@ -713,7 +716,7 @@ public sealed class RuntimeFactsIngestionService : IRuntimeFactsIngestionService

    private static RuntimeUpdateType DetermineUpdateType(
        ReachabilityFactDocument? existing,
-        IReadOnlyList<RuntimeFact> newFacts)
+        IReadOnlyList<RuntimeFactDocument> newFacts)
    {
        if (existing?.RuntimeFacts is null || existing.RuntimeFacts.Count == 0)
        {
@@ -760,4 +763,22 @@ public sealed class RuntimeFactsIngestionService : IRuntimeFactsIngestionService
        var hash = sha256.ComputeHash(System.Text.Encoding.UTF8.GetBytes(content));
        return "sha256:" + Convert.ToHexStringLower(hash);
    }
+
+    private static string? TryGetMetadataValue(Dictionary<string, string?>? metadata, params string[] keys)
+    {
+        if (metadata is null || keys is null || keys.Length == 0)
+        {
+            return null;
+        }
+
+        foreach (var key in keys)
+        {
+            if (metadata.TryGetValue(key, out var value) && !string.IsNullOrWhiteSpace(value))
+            {
+                return value;
+            }
+        }
+
+        return null;
+    }
 }
--- a/src/Signals/__Tests/StellaOps.Signals.Tests/ReachabilityScoringServiceTests.cs
+++ b/src/Signals/__Tests/StellaOps.Signals.Tests/ReachabilityScoringServiceTests.cs
@@ -331,6 +331,9 @@ public class ReachabilityScoringServiceTests
            Last = fact;
            return Task.CompletedTask;
        }
+
+        public Task PublishRuntimeUpdatedAsync(RuntimeUpdatedEvent runtimeEvent, CancellationToken cancellationToken)
+            => Task.CompletedTask;
    }

    private sealed class InMemoryUnknownsRepository : IUnknownsRepository
--- a/src/Signals/__Tests/StellaOps.Signals.Tests/RuntimeFactsBatchIngestionTests.cs
+++ b/src/Signals/__Tests/StellaOps.Signals.Tests/RuntimeFactsBatchIngestionTests.cs
@@ -295,6 +295,9 @@ public class RuntimeFactsBatchIngestionTests
    {
        public Task PublishFactUpdatedAsync(ReachabilityFactDocument fact, CancellationToken cancellationToken)
            => Task.CompletedTask;
+
+        public Task PublishRuntimeUpdatedAsync(RuntimeUpdatedEvent runtimeEvent, CancellationToken cancellationToken)
+            => Task.CompletedTask;
    }

    private sealed class StubReachabilityScoringService : IReachabilityScoringService
--- a/src/Signals/__Tests/StellaOps.Signals.Tests/RuntimeFactsIngestionServiceTests.cs
+++ b/src/Signals/__Tests/StellaOps.Signals.Tests/RuntimeFactsIngestionServiceTests.cs
@@ -146,6 +146,9 @@ public class RuntimeFactsIngestionServiceTests
            Last = fact;
            return Task.CompletedTask;
        }
+
+        public Task PublishRuntimeUpdatedAsync(RuntimeUpdatedEvent runtimeEvent, CancellationToken cancellationToken)
+            => Task.CompletedTask;
    }

    private sealed class RecordingScoringService : IReachabilityScoringService